Security News > 2023 > June > Microsoft stole our stolen dark web data, says security outfit

Microsoft stands accused by cyber intelligence firm Hold Security of violating an agreement between the pair by misusing Hold's database of more than 360 million sets of credentials culled from the dark web.

In a lawsuit filed in King County Superior Court in Washington, Hold said it had an agreement with Microsoft going back to 2014 to grant the Windows giant access to its database of compromised accounts with the expectation that Microsoft would limit use to matching Hold's records against Microsoft customer accounts.

The suit also accuses Microsoft of "Improperly and without authorization" using stolen accounts in Hold's database in its administration of LinkedIn and GitHub, both of which were acquired after the initial statement of work that defined which domains Microsoft could collect data for.

Hold claims in the suit to have discovered in 2021 that Microsoft had been "Wrongfully retain[ing] stolen account credentials in contravention of the parties' agreement," and that Hold CEO Alex Holden contacted Microsoft to discuss the issue.

Along with claiming that Microsoft was collecting and using data in violation of its agreements with Hold, the lawsuit also alleges Microsoft waged a harassment campaign against Hold and Holden when the companies began to have issues.

Hold's lawyers claim Microsoft directed its employees to cease working with Hold after Holden made claims critical of Microsoft's takedown of the TrickBot network, and that Microsoft employees tweeted false information that made cybersecurity journalist Brian Krebs resign from Hold's board, a report Krebs disputed.

News URL

https://go.theregister.com/feed/www.theregister.com/2023/06/12/microsoft_hold_security_lawsuit/